The main cyber threats companies are not prepared for are: outsider attack (43%), data vulnerability (38%), insider sabotage (35%), user errors (35%), and phishing (35%), according to a Bitdefender survey on US IT decision makers.
Outsider attacks and data vulnerability pose a significant risk for all companies and represent the main threats that companies are unprepared to handle, and CIOs are aware that cybercriminals can spend large amounts of time inside organizations without being detected - APTs are often defined as designed to evade detection.
Cyber criminals also use tactics to draw attention away from what they are doing and where they have succeeded, while these cyberattacks impact business decisions, mergers/acquisitions and competitive positions, as recent reports confirmed.
“To limit the risks of insider sabotage and user errors, companies must establish strong policies and protocols and restrict the ways employees use equipment and infrastructure or privileges inside the company network,” Bitdefender’s Bogdan Botezatu, Senior e-Threat Specialist recommends. “The IT department must create policies for proper usage of the equipment, and ensure they are implemented.”
In the past two years, companies witnessed a rise in security incidents and breaches, with a significant increase in documented APT (Advance Persistent Threat) type of attacks targeting top corporations or government entities (such as APT-28). This type of attack is intended to exfiltrate sensitive data over a long period or silently cripple industrial processes. In this context, concerns for security are rising to the top levels, with decisions taken at the board level in most companies. Both IT decision makers and CEOs are concerned about security, not only because of the cost of a breach (unavailable resources and/or money lost), but also because the reputation of their companies is at risk when customer data is lost or exposed to criminals. As real cases have shown, the bigger the media coverage a security breach receives, the greater the complexity of the malware causing it. On top of this, migrating corporate information from traditional data centers to a cloud infrastructure has significantly increased companies’ attackable surface, bringing new threats and more worries to CIO offices regarding the safety of their data.
This survey was conducted in October 2016 by iSense Solutions for Bitdefender on 250 IT security purchase professionals (CIOs/CEOs/ CISOs – 26 percent, IT managers/directors – 56 percent, IT system administrators – 10 percent, IT support specialists – 5 percent, and others), from enterprises with 1,000+ PCs based in the United States of America.
More than half of the organizations surveyed are from the IT hardware and software / electronic and electrical engineering industries, while 24 percent are from manufacturing, 6 percent from transportation, 4 percent are providers of telecommunication services, 4 percent are utility or public services companies, and the rest come from construction, retail, distribution, media or other industries.
Some 62 percent of the organizations surveyed have over 3,000 employees, 14 percent between 2,000 and 2,999, and 24 percent between 1,000 and 1,999.
Regarding IT infrastructure development in the organizations, 39 percent of the companies have 3,000+ computers, 21 percent between 2,000 and 2,999, and 40 percent between 1,000 and 1,999. The average proportion of employees working on computers in the organizations surveyed is 74 percent.
Geographically, a third of the organizations are in the West, 30 percent in the North-East, 28 percent in the South and 11 percent in the Mid-West.